8
 Described as 64 or 128 bit  Reality is 40 or 104  The pre-shared key (Not the same as WPA- PSK) is either 5 or 13 bytes  Initialization vector is transmitted with each packet  IV and key are concatenated to create a per packet key  IV is not a secret!  Four possible keys, index 0-3 MIS

9
 One bit field in the frame control field  Called by a number of different names  WEP bit  Privacy bit  Secure bit  With this bit set, the receiving station expects to see a four byte WEP header immediately following the header  Also expects to see a four byte trailer immediately following the payload or data portion MIS

10
 The four byte header is also the initialization vector or IV along with the index number to designate which WEP key was used  Again, this was used with the WEP key to encrypt the data packet  The four byte trailer is the Integrity Check Value or ICV  This function similar to a CRC check to protect against packet modification MIS

14
 Weak IV selection leads to key recovery  Known plaintext reveals key information  First two bytes of WEP payload are mandated by header spec (0xAA 0xAA)  Once you have enough weak IVs, you can recover the key  We will look at the Aircrack-ng tool for this MIS

15
 Pre-installed in Kali  Similar issue to Kismet, will need to launch from terminal, not from drop down  Aircrack-ng site has detailed information on installation, building from source, and use  MIS

16
 Need to connect wireless card to Kali  Need to verify using iwconfig command  Then launch Kismet for a little recon  This will also force the wireless card in to monitor mode  Since StarDrive is my AP we’ll focus on it MIS